> when SSH ends, for example, a Release event is sent
> through dbus and systemd-logind captures it, in the function 
> manager_message_handler().
> From there, the function session_remove_fifo() is called. That point is our 
> "bootstrap"
> to add the closing session on gc

ok i see that path, dbus Release -> remove fifo, however i don't think
it's appropriate to put the add_to_gc into remove_fifo; because,
remove_fifo is also called from session_free()..consider this code:



so...that call to session_remove_fifo() previously only removed the
fifo.  but with your patch, it's also adding 's' back onto the gc
queue...but then immediately freeing s!!!  When the gc queue is
processed, this code:

        while ((session = m->session_gc_queue)) {
                LIST_REMOVE(Session, gc_queue, m->session_gc_queue, session);
                session->in_gc_queue = false;

will dereference 's' ('session' in the gc handler), accessing freed

Since you're trying to use the dbus Release notification to add the
session to the gc, wouldn't it be better to simply update the dbus
Release handler to remove the fifo *and* add the session to the gc, from
there?  not modify the remove_fifo function?

You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.

  systemd-logind: memory leaks on session's connections (trusty-only)

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Trusty:
  In Progress
Status in systemd source package in Xenial:
  Fix Released
Status in systemd source package in Artful:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released

Bug description:
  Below the SRU request form. Please refer to the Original Description
  to a more comprehensive explanation of the problem observed.


   * systemd-logind tool is leaking memory at each session connected. The 
   issues happens in systemd from Trusty (14.04) only.

   * Three issues observed:
    - systemd-logind is leaking entire sessions, i.e, the sessions are not 
      feeed after they're closed. In order to fix that, we proactively add 
      the sessions to systemd garbage collector (gc) when they are closed. 
      Also, part of the fix is to make cgmanager package a dependency. Refer 
      to comment #1 to a more thorough explanation of the issue and the fix.

    - a small memory leak was observed in the session creation logic of 
      systemd-logind. The fix for that is the addition of an appropriate 
      free() call. Refer to comment #2 to more details on the issue and fix.

    - another small memory leak was observed in the cgmanager glue code of 
      systemd-logind - this code is only present in this specific Ubuntu 
      release of the package, due to necessary compatibility layer with 
      upstart init system. The fix is to properly call free() in 2 
      functions. Refer to comment #3 to a deep exposition of the issue and 
      the fix.

  [Test Case]

   * The basic test-case is to run the following loop from a remote machine:
     while true; do ssh <hostname-target> "whoami"; done

   * It's possible to watch the increase in memory consumption from 
     "systemd-logind" process in the target machine. One can use the
     "ps uax" command to verify the RSS of the process, or count its 
     anonymous pages from /proc/<logind_pid>/smaps.

  [Regression Potential] 

   * Since the fixes are small and not intrusive, the potential for 
     regressions are low. More regression considerations on comments #1, #2 
     and #3 for each fix.

   * A potential small regressson is performance-wise, since now we add 
     sessions to garbage collector proactively.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~sts-sponsors
Post to     : sts-sponsors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~sts-sponsors
More help   : https://help.launchpad.net/ListHelp

Reply via email to